Skip to content

Commit

Permalink
20241114
Browse files Browse the repository at this point in the history
  • Loading branch information
actions-user committed Nov 14, 2024
1 parent 3d29fdb commit 98da27a
Show file tree
Hide file tree
Showing 243 changed files with 14,461 additions and 1 deletion.
2 changes: 1 addition & 1 deletion date.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
20241113
20241114
241 changes: 241 additions & 0 deletions poc.txt

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
id: bamboo-enquiries-f6e2c4f4fe2ffe688436d21855e34078

info:
name: >
Bamboo Enquiries <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
author: topscoder
severity: low
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4028fe14-eca4-4bc5-9374-084377a97461?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/bamboo-enquiries/"
google-query: inurl:"/wp-content/plugins/bamboo-enquiries/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,bamboo-enquiries,low

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/bamboo-enquiries/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "bamboo-enquiries"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.9.3')
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
id: christian-science-bible-lesson-subjects-c33e5f7de7f3bebfe420108158e380f8

info:
name: >
Christian Science Bible Lesson Subjects <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
author: topscoder
severity: low
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f962bfb4-bb5e-4069-a1a4-7e28335780e6?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/christian-science-bible-lesson-subjects/"
google-query: inurl:"/wp-content/plugins/christian-science-bible-lesson-subjects/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,christian-science-bible-lesson-subjects,low

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/christian-science-bible-lesson-subjects/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "christian-science-bible-lesson-subjects"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 2.0')
59 changes: 59 additions & 0 deletions poc/auth/loginplus.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
id: loginplus

info:
name: >
Loginplus <= 1.2 - Unauthenticated Stored Cross-Site Scripting
author: topscoder
severity: high
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3e6678db-6933-4a38-b704-214de7197852?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/loginplus/"
google-query: inurl:"/wp-content/plugins/loginplus/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,loginplus,high

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/loginplus/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "loginplus"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.2')
59 changes: 59 additions & 0 deletions poc/auth/user-password-reset-5fc12b2f21fd12eb5d703e413228e9e0.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
id: user-password-reset-5fc12b2f21fd12eb5d703e413228e9e0

info:
name: >
User Password Reset <= 1.0 - Reflected Cross-Site Scripting
author: topscoder
severity: medium
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8eca8a98-73df-4062-8800-34c0fdd2a6b1?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/user-password-reset/"
google-query: inurl:"/wp-content/plugins/user-password-reset/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,user-password-reset,medium

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/user-password-reset/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "user-password-reset"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.0')
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
id: wpvivid-backuprestore-0171e05481c73d4e89531957d075dd31

info:
name: >
Migration, Backup, Staging – WPvivid <= 0.9.107 - Unauthenticated PHP Object Injection
author: topscoder
severity: critical
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9b4eba78-29f2-4357-ab3c-7bc3c20e0e75?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/wpvivid-backuprestore/"
google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,critical

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "wpvivid-backuprestore"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 0.9.107')
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
id: configure-conference-room-dc3cbc1bbb8517a43db4a3735bc4b2ba

info:
name: >
WP Virtual Room Configurator <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
author: topscoder
severity: low
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c5f24f89-3653-452d-bb1e-8bc113770624?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/configure-conference-room/"
google-query: inurl:"/wp-content/plugins/configure-conference-room/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,configure-conference-room,low

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/configure-conference-room/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "configure-conference-room"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.0.0')
Loading

0 comments on commit 98da27a

Please sign in to comment.